Algosub Algosub - 1 year ago 324
C Question

Use regex in linux kernel

I would like to use regexes in a linux kernel module.
I have the regexes ready, and I tested them in user space with


I know that
is a user space library, but is there a kernel alternative?


Edit: I am trying to find C code in SMTP connections for a university project.

Answer Source

The kernel already has a regexp engine; the functions are declared in kernel/trace/trace.h. It is part of the linux trace framework, and could relatively easily be adapted. You can see where it is currently used (identifier search).

Note also someone has got there before you. The l7-filter kernel component classifies L7 traffic based on (inter-alia) regex matching the packets. Their regex implementation has a man page.

You could also pass the packets to userspace via a socket using libipq, classify them, and pass them back. This is an easier approach, but slower, and apparently isn't what you want (but might be useful to another reader).

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download